Wilmer, Texas – At the public library in Wilmer, books were checked out not with the beeps of bar code readers but with the scratches of pen on notebook paper. Out on the street, police officers were literally writing tickets — by hand. When the entire computer network that keeps the small town’s bureaucracy afloat was recently hacked, Wilmer was thrown into the digital Dark Ages.
“It’s weird,” said Jennifer Dominguez, a library assistant. “We’ve gone old-school.”
This has been the summer of crippling ransomware attacks. Wilmer — a town of almost 5,000 people just south of Dallas — is one of 22 cities across Texas that are simultaneously being held hostage for millions of dollars after a sophisticated hacker, perhaps a group of them, infiltrated their computer systems and encrypted their data. The attack instigated a statewide disaster-style response that includes the National Guard and a widening FBI inquiry.
More than 40 municipalities have been the victims of cyberattacks this year, from major cities such as Baltimore, Albany and Laredo, Texas, to smaller towns including Lake City, Fla.
Lake City is one of the few cities to have paid a ransom demand — about $460,000 in Bitcoin, a cryptocurrency — because it thought reconstructing its systems would be even more costly.
“The business model for the ransomware operators for the past several years has proved to be successful,” said Chris Krebs, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, which has the primary responsibility for aiding American victims of cyberattacks.
“Years of fine-tuning these attacks have emboldened the actors, and you have seen people pay out — and they are going to continue to pay out,” he said, despite warnings from the FBI that meeting ransom demands only encourages more attacks.
In Georgia alone in recent months, the tally of victims has been stunning. The city of Atlanta. The state’s Department of Public Safety. State and local court systems. A major hospital. A county government. A police department for a city of 30,000 people.
An FBI warning sent to key players in the American cyberindustry Monday left unclear who was responsible for the malware afflicting Texas, a strain first seen in April and named Sodinokibi. On Wednesday, the Department of Homeland Security issued a warning about a “Ransomware Outbreak,” cautioning cities and towns to “back up your data, system images and configurations” and keep them offline. It urged them to update their software — something Baltimore had failed to do.
In the 22 Texas attacks, according to several experts who have been called in, the pathway appeared to be through a once-trusted communications channel often used by law enforcement agencies and managed by a private systems-management firm. Getting inside a channel shared by so many Texas localities meant the hackers had to target only one system, which ushered them into municipal networks across the state.
The coordinated attack in Texas began last Friday morning. State officials said a “single threat actor,” which could be a group, was behind the cyberattack, but they declined to elaborate or discuss details about how the virus spread.
Four of the 22 towns have a total of about 31,000 residents. Such small city governments, which often use motley collections of vintage software and lack the budget and sophistication for strong cyberdefense, have become a favorite target for ransomware attacks.
Although some of the Texas towns’ computer systems are now back online, others are being restored by teams of state and federal cybersecurity experts and investigators, including those with the National Guard in Texas.
Officials in Wilmer hoped to have the city’s systems fully operational in two to three weeks. The mayor, Emmanuel Wealthy-Williams, issued a statement as well.
It was neatly handwritten, on notebook paper.